EA003230B1 - Method for securing safety of electronic information - Google Patents

Abstract

1. A security assurance method for electronic information, characterized in that an electronic information file is divided into a plurality of information elements; the divided information elements are selected and combined with their order changed to produce one or more information blocks in which all of the information elements are included if all of the information blocks are integrated; division extraction data in which formation information of said information elements and the information blocks are recorded is produced; said information blocks and the division extraction data are stored or transmitted; and when said electronic information is to be utilized, all of said information blocks and said division extraction data are collected and the information elements included in said information blocks are re-divided, re-arranged in the correct order and integrated based on said division extraction data to restore the original electronic information file. 2. A security assurance method for electronic information according to claim 1, characterized in that said division extraction data is stored or transmitted separately. 3. A security assurance method for electronic information according to claim 1, characterized in that said division extraction data relating to said information elements is annexed for each of said information elements. 4. A security assurance method for electronic information according to any one of claims 1 to 3, characterized in that said information blocks and the division extraction data are stored into an external storage apparatus to keep the electronic information in said external storage apparatus in security. 5. A security assurance method for electronic information according to any one of claims 1 to 3, characterized in that a plurality of said information blocks are formed, and said blocks are transmitted in a separate state from each other to a recipient together with said division extraction data. 6. A security assurance method for electronic information according to claim 5, characterized in that said division extraction data includes data for confirmation of the originality of said electronic information file. 7. A security assurance method for electronic information according to any one of claims 1 to 6, characterized in that an information element selected from among said information elements is included commonly into a plurality of information blocks, and when the information elements are integrated, the identity of said information elements included commonly in an overlapping relationship in the different information blocks is verified to confirm the security of the information. 8. A security assurance method for electronic information according to any one of claims 5 to 7, characterized in that at least one of said information blocks and said division extraction data is transmitted to the recipient by second transmission means different from the transmission means for the other electronic information. 9. A security assurance method for electronic information according to claim 8, characterized in that a transfer station is interposed in said transmission means or said second transmission means, and a block of the information to be sent by said transmission means is accommodated into an information package together with destination information and sent to said transfer station, which in turn transfers the information block to said recipient based on said destination information.

Description

The invention relates to a method for protecting electronic information when storing electronic information or exchanging electronic information, as well as to a method for ensuring the protection of the identity of electronic information and the original.

Prior art

A large number of computers are already connected to the communication networks and continue to connect, forming a system in which each computer can be connected to a large number of users through a communication channel, including those that are not exactly installed. Consequently, there is a possibility that a third party who is not authorized to use a communication channel can access electronic information stored in an external storage device of a computer, such as a device on hard disks, and this information can be stolen by this third party. or changed.

The volume of transmission of electronic information via a communication channel, for example, the exchange of personal information via e-mail, etc., the distribution of application programs, such as game programs or programs for business, or the distribution of edited data extracted from the database, also continues to grow. When used for such an exchange of electronic information communication equipment open to access from the outside, there is a possibility that a third party who is not a receiving party, can receive the transmitted electronic information through interception or theft and use it. In particular, when a paid distribution of information is carried out or private information is transmitted, it is necessary to take countermeasures that make it difficult to steal transmitted electronic information.

In order to block the use of electronic information by a third party that is not related to it, even if the third party received this electronic information, a method is used to ensure the secrecy of electronic information by encrypting it. Encryption technologies developed for this purpose include various systems, such as encryption systems that use a symmetric key, and other encryption systems that use an asymmetric key.

However, even if these encryption technologies are used, since the stored electronic information or the transmitted electronic information carries all the information, in case any person (for example, decryption of the cipher) masters the decryption method, that person can Easily decrypt this cipher and access useful information.

It is also possible to change or falsify this information, therefore it is necessary to constantly control whether the authenticity and accuracy of the extracted or received information is preserved. In particular, when electronic information is stored or transmitted that requires a high degree of protection, for example, face authentication information, the reliability of traditional methods is in doubt.

If the information transmitted is subject to change or is lost, then most of the extracted or received information can not be properly used, and the use of such incorrect information can lead to a number of violations. It also sometimes matters the fact that the information turned out to be known to a third party. Accordingly, it is necessary to have a convenient way to confirm that the received electronic information is identical to the information sent, and to confirm that the electronic information is being used legally.

Therefore, it is an object of the present invention to provide a method for securing electronic information by processing electronic information to be stored or transferred, so that even if stored or transmitted electronic information has been stolen, it cannot be used to reduce the value of this information, as well as creating a way to ensure the authenticity of the information that the user has extracted or received for the purpose of recovery.

Summary of Invention

The method of ensuring the protection of electronic information according to the present invention is characterized in that the electronic information file is divided into a plurality of information elements, and the separated information elements are selected and combined in a modified order to form one or more information blocks. Information blocks are formed in such a way that, if not all information blocks are combined, not all information elements will be covered. In addition, data on separation and extraction are generated, in which information on the separation of information elements and information on the formation of information blocks are recorded, and part of the information blocks, together with data on separation and extraction, are transmitted and stored at the certification station. Meanwhile, other parts are memorized or transmitted separately. Then, if it is necessary to confirm the authenticity of electronic information, all information blocks and data on separation and extraction, including the part stored at the certification station, are gathered together, and the information blocks are again divided into original information elements, re-assemble them in the correct order and combine them into based on separation and retrieval data to restore the original electronic information file.

According to the method of ensuring the protection of electronic information according to the present invention, part of the information is placed on the certification station and, when initial information is required, the information block and information block belonging to the other party are available, and the information block located on the certification block is combined to restore the information. Accordingly, even if one of the interacting parties and the certification station change their information, the fact of the change is easily detected, and since the information stored at the certification station is not complete, but constitutes only a part of the information, the amount of information required by the certification station can be is small. In addition, since the information security authentication function is divided between three parties, there is an advantage in administering a certification station, which means that the responsibility placed on the certification station is small.

It should be noted that the separation and retrieval data can be stored or transmitted separately and that the separation and retrieval data relating to the information elements can be generated and attached to each information element.

According to the method of ensuring the protection of electronic information according to the present invention, an electronic information file to be memorized or transferred is divided into a suitable number of information elements of a suitable length, which are then shuffled and combined to form one or more information blocks, and information blocks are stored in an external storage device or sent to the recipient.

Accordingly, since the stored or transmitted electronic information is in such a state that it does not represent any value until it is restored (as is the case with information on paper destroyed by a cutting paper cutter), even if a third party there is no recovery tool; it will gain access to this electronic information; valuable information will not be leaked and, therefore, electronic information will be protected.

Also, if only one information block is formed for the electronic information file, then, since the order of the information elements placed in the information block is different, reading or distinguishing the information will be difficult. However, when forming a set of information blocks and memorizing and sending them separately from each other, even if a third party stole one of the information blocks, the entire content of electronic information will not be stolen, and therefore the level of information protection is further increased.

You can also use encryption technology to store or transfer information blocks, providing an additional improvement in information security.

The separation and retrieval data is the data needed for separation and combining, which is used when information blocks are formed, and this data is stored or forwarded with the information blocks. Since separation and extraction data include position information and length information for each information element in the electronic information file, they can be attached to each information element and can be processed together with the information block. In addition, when information security is particularly important, separation and retrieval data can be processed separately from information blocks.

A person retrieving or receiving electronic information collects all information blocks and uses separation and extraction data to highlight information elements included in separate information blocks and reunite information elements in the correct order to restore the original electronic information.

If electronic information is to be stored in the external storage device of a computer, information blocks and data on separation and retrieval can be generated by processing the electronic information file in the manner described above and stored in an external device.

If the security method of the present invention is used for a storage device, even if a third party has gained access to this storage device, this will not leak valuable information, and the protection will be improved when the electronic information is stored in a computer.

It should be noted that if it is necessary to send electronic information, it is preferable to divide the electronic information file into multiple information elements, with the separated information elements being selected and combined to form a plurality of information blocks, after which the information blocks are transmitted separately from each other to the recipient, and the data on separation and extraction transmit to the recipient together with the selected information blocks, after which the receiving party receiving this data clearly s shares and integrates the information elements included in the information blocks in the right order on the basis of data on separation and recovery to restore the original electronic information.

If it is necessary to send an electronic information file, it is preferable that it has a higher degree of protection, since the access channel used is often freely accessible. In this case, a very high degree of protection can also be achieved by sending multiple information blocks using various means of communication.

Since information blocks in the present invention separately carry only a part of the necessary information, even if some information block is intercepted during transmission, all information cannot be recovered.

Accordingly, it is preferable to transmit to the recipient at least one of the information blocks and data on separation and extraction using a second transmission medium, different from the transmission medium for the remaining electronic information.

If not all information blocks and data about separation and retrieval are sent using the same transmission medium, and some of them are transmitted by another transmission medium, even if the thief has access to the transmission channel, he will not be able to collect all the information that provides a higher degree of protection.

If information blocks are sent at different points in time or sent using different transmission routes, then it is very difficult to steal all information blocks without losing the transmission path and in the worst case only part of the information can be intercepted. Therefore, even when forwarding personal authentication data, it is possible to prevent a third party from stealing this authentication data.

It should be noted that the separation and retrieval data preferably includes data to confirm the authenticity of the electronic information file. The identity of the electronic information file scheduled for shipment and the electronic information recovered by the recipient can be confirmed with a high degree of accuracy by determining that the separation and extraction data and the content of the received information blocks are consistent.

In addition, the identity of the electronic information file intended for transfer and the electronic information restored by the recipient can be confirmed by placing an information element selected from a variety of information elements, i.e. the key element in the information blocks to be sent along different transmission routes so that the key element can be included in them, and by checking, when the information elements are combined, the identity of the key elements included in the overlapping ratio in the received information blocks.

It should be noted that to confirm the identity of the transmitted electronic information and the electronic information file intended for transfer, we also apply a simple way to check whether the number of words included in separate files matches each other.

If the method of ensuring the protection of electronic information according to the present invention is used for online sales of an application program or database, then even if someone who is not a legal buyer steals the transmitted electronic information, he will be able to get only some of this information, and therefore the program being sold. can not be executed, or useful information can not be intercepted. Accordingly, since there is no motivation to steal transmitted electronic information, the theft will not harm the selling party.

In addition, if the method of ensuring the protection of electronic information according to the present invention is used to transfer personal authentication data, information exchange with a high degree of protection can be provided, and theft or falsification of information by a third party is reliably excluded.

If additional certain insurance is preferably required, the original electronic information to be sent is remembered and the electronic information recovered by the receiving party is sent back and checked with the original electronic information to confirm identity.

In addition, if the electronic information recovered by the recipient is sent back and checked against the memorized original of this electronic information to confirm identity, even if the electronic information was changed during transmission or partially lost, it can be immediately determined and adopted appropriate countermeasures.

It should be noted that the information blocks received by the recipient can be sent back as they are and check with the original of this electronic information. If a check is performed for each information block, then the damaged part can be identified, which makes it easier to take appropriate countermeasures.

If a difference from the original is detected, then, in case of doubts about the reliability of the communication channel, you can send the information again or you can change the communication channel to prevent interference of the person who made the changes to this information. It should be noted that the recipient may also use electronic information confidentially when the result of the verification is received from the transmitting party.

Reliability is enhanced if a transfer station is located in the transmission medium, or a so-called forwarding authority, which is a neutral and impartial party, so that information can be transmitted through this transfer station. The transfer station forwards the information block to the recipient included in the information packet sent to it, based on the address information.

If the route described above is used to send information blocks, since the instances of separated information blocks differ from each other, it will be difficult for the thief to collect all the information blocks needed to recover the electronic information file in the communication channel, which means that information security is further improved.

In particular, even if only a portion including separation and extraction data is sent through the transfer station, the reliability of the entire system is increased.

It should be noted that if an encryption technology is used to transfer electronic information at a transfer station, then a higher degree of protection can be provided.

In addition, it is possible that the recipient does not need to immediately use the transmitted information. Consequently, the transfer station can store information blocks sent by the transmitting side, so that the recipient may require the transfer station to transfer information blocks if necessary, after which it will be possible to combine the collected information blocks to restore and use electronic information.

Brief Description of the Drawings

FIG. 1 is a block diagram illustrating the concept of a method for providing security of electronic information of the present invention;

FIG. 2 illustrates the operation of the present invention;

FIG. 3 is a flow chart illustrating a first embodiment of a method for providing security of electronic information of the present invention;

FIG. 4 is a block diagram of a system in which the present invention is used;

FIG. 5 is a block diagram illustrating a second embodiment of a method for providing security of electronic information of the present invention;

FIG. 6 is a block diagram of a system in which this option is used;

FIG. 7 is a flow chart illustrating a third embodiment of a method for providing security of electronic information of the present invention;

FIG. 8 is a block diagram of a system in which this option is used;

FIG. 9 is a block diagram illustrating a fourth embodiment of a method for providing security of electronic information of the present invention;

FIG. 10 is a flow chart illustrating a fifth embodiment of a method for providing security of electronic information of the present invention; and FIG. 11 is a block diagram illustrating the function of a certification station or certification body for which the present invention is applicable.

The best embodiment of the invention

The method of ensuring the protection of electronic information according to the present invention is a method of generating reliable protection of electronic information when storing and transmitting an electronic information file. According to the method of the present invention, even if someone steals electronic information during its storage or transfer, the value of the information that can be obtained by the thief is reduced, which prevents damage from the theft, and therefore the benefit of theft is reduced, which contributes theft prevention. In addition, if during the transmission there was a loss of information or it was changed, then this fact is revealed, as a result of which information is protected.

Next, with reference to the drawings describes the details of the present invention.

FIG. 1 is a block diagram illustrating the concept of the present invention, and FIG. 2 shows an example of the operation of the present invention. FIG. 1 shows an example of a use case of the present invention for the case when an electronic information file is divided into six information elements which form two information blocks.

In the method of ensuring the protection of electronic information according to the present invention, the object electronic information file 1 is divided into a suitable number of information elements 2. Here, for the sake of simplicity, the example is shown when the electronic information file 1 is divided into six information elements A, B, C,, E and E. Information elements 2 are not necessary to be divided according to their position, which has an informational meaning, but in order to reduce the likelihood of abduction, information elements 2 prefer no isolated by simple physical separation of the electronic information file 1.

The order of the information elements A, B, C,, E and E, obtained by separating, is changed, and they are grouped appropriately, forming the appropriate number of information blocks 3.

In this example, information elements A, Ό and E are highlighted in the first information block 3, and information elements B, C and E are highlighted in the second information block 3. It should be noted that the order of the information elements in each information block 3 can also be arbitrarily changed .

Even if the indicated information blocks 3 are read by a third party, then, since the information elements A, B, C, ... are arranged in an order that has no information value, the content of the electronic information cannot be read if these elements remain as they are.

In addition, since the electronic information is in a fragmented state, its content cannot be restored until all the information blocks have been received. For example, if the authentication data of a person, which is shown in FIG. 2 (a), divided as shown in FIG. 2 (b), then even if one of the information blocks is intercepted and the information is successfully restored, it cannot be used as authentication data. Consequently, even if someone illegally gets access to this electronic information, it will not be easy to use it, which means that information can be protected.

Depending on the purpose, the information blocks 3 are either stored in the memory or sent to the recipient.

The user of electronic information divides information blocks 3, received from a storage device or received from the transmitting side, into initial information elements 4 (A, B, C, ...) and rearranges information elements 4 in the correct order to form a useful electronic information file 5 , thereby restoring the original electronic information file 1.

The basic information for restoring the electronic information file 1 is information on the separation of information elements A, B, C, ... included in information blocks 3, and information on the position and length of each information element in the electronic information file 1.

After all the information blocks 3 related to the object electronic information file 1 are assembled, the electronic elements in the information blocks 3 can be distinguished and re-linked in the correct order using the information about the highest address and the word length for each information element 2.

Further, if it is necessary to restore the electronic information file 1, you can use information describing the object electronic information file 1, or information about the order of the information elements included in each block, when information elements 2 are reconfigured to form information blocks 3.

In order to recover the electronic information file 1, you must first confirm that the collected information blocks 3 relate to the object electronic information file 1 and that all relevant information blocks were collected without loss. In this case, the operation can be effectively performed if the identification area XI or X2 is applied to the information block, or the information element and the identification information for specifying the electronic information file 1 is stored and used together with the identification area.

Further, the electronic information file 5, obtained by re-separating the information elements included in each block, using the information about the separation and rearranging them in accordance with the order of the separated information elements 4, becomes the same as the electronic information file 1.

It should be noted that with a certain degree of confidence one can check whether the recovered electronic information file 5 and the original electronic information file 1 are the same, for example, by comparing with each other the total length of words in these files.

Separation and retrieval data, including the specified basic information, is formed when information blocks 3 are formed, which are stored or sent together with an identification area attached to a portion of information blocks 3, and then used to restore the electronic information file 1. The split and retrieval data can be attached to each information element.

It should be noted that the data on the separation and extraction can be stored in memory or sent separately and independently of the information blocks 3.

According to the method of ensuring the protection of electronic information according to the present invention, the number of information blocks 3 corresponding to one electronic information file 1 is not limited to two, but can be any number greater than or equal to three, or can be equal to one. Since in any case the arrangement of information elements in each information block 3 differs from the original arrangement, a third party will not be able to read and use electronic information. Consequently, electronic information can be protected.

Option 1.

In the first embodiment, the method of ensuring the protection of electronic information according to the present invention is used to securely transmit an electronic information file to another party using a communication channel.

FIG. 3 is a block diagram illustrating this embodiment, and FIG. 4 shows a block diagram of a system in which this option is used.

First, with reference to FIG. 3 and 4 describes the basic configuration of this option.

The electronic information source first prepares or extracts from the database and edits the electronic information to be transmitted, creating an electronic information file 11 (81). An example of electronic information of interest to a third party is electronic information that requires a high degree of protection, such as the authentication data of a person, or valuable electronic information, such as software sold through a communication channel.

Then, split software 12 is used to divide the electronic information file 11 into a plurality of information elements 13 (812). For division software 12, the division location for each of the information elements 13 in the electronic information file 11 and the word length of the information element can be indicated.

It should be noted that it is possible not to indicate the place of separation and the word length of each information element, and then the separation software 12 can determine the place of separation and the length of the word, if the number of divisions is indicated. Although the number of divisions can be set arbitrarily, when the object of separation is electronic information up to approximately 100 kilobytes, it is possible to determine that a number is chosen, for example, equal to or less than 100.

Then, extraction software 14 is used to distribute the information elements 13 over the plurality of information blocks 15 (83). Extraction software 14 is designed to rearrange the separated information elements 13 in a different order, and the second function of these software is to distribute information elements 13 over information blocks 15. The number of information blocks can be specified by the operator.

Further, the separation information and the result of the rearrangement of the information elements 13 are converted into separation and extraction data for electronic information and are separately attached to the information elements 13. The separation and extraction data of all the information elements 13 distributed over the information blocks 15 can be applied together in areas Identification X1 and X2 information blocks 15 (84).

It should be noted that the identification areas X1 and X2 may include data relating to the source and receiver; data relating to electronic information, such as the person who prepared the information and its owner; data that describes the possible limits of use of this electronic information, for example, an authorized user or expiration date; data defining the necessary software, for example software combining, and so on.

In addition, if an identifier describing electronic information is described in the identification area, then to facilitate the sorting of information blocks, it is convenient to put together information blocks related to object electronic information so that the recipient again combines these information blocks, restoring the electronic information file.

It should be noted that the data separation and retrieval can be sent to the recipient separately and independently of the information blocks. In addition, instead of applying the separation and retrieval data to information blocks individually, these data can be attached together to one of the information blocks. In addition, separation and retrieval data related to the entire electronic information file can be attached to all information blocks.

Then the information blocks 15 are placed separately on the packets to be transmitted, for sending them to station 21 (85). The address of the final recipient of the package is placed in each packet. Packets are encrypted and sent to transfer stations 21 (86). The encryption process can be performed using any suitable known method.

In this example, different destinations can be selected for individual packets. The means of communication to be used is selected on the basis of the degree of protection, which depends on the degree of risk for a given communication channel and the characteristics of electronic information. In cases where leaks and information changes need to be minimized, the number of communication facilities used should be as large as possible.

It should be noted that with a small risk of information leakage, a normal communication channel can be used, in which there is no transfer station. Since the security method of the present invention provides a high degree of security because electronic information is transmitted over communication channels in a divided and reordered state, even if a normal communication channel is used, this security method ensures a very high degree of protection compared to known methods .

In addition, for transferring a portable storage device such as a floppy disk or the like, for example, mail can be selected as a means of communication.

At each of the forwarding stations 21 receiving the packet, the packet is decrypted to read the destination information contained in the packet (87).

Next, the transfer station 21 re-encrypts the information blocks placed in the packet and sends them to the specified recipient (88).

Since information blocks 15 are distributed to various transfer stations in a state where their content cannot be detected based on their type, even if a third party succeeds in intercepting electronic information present in the communication channel, it will be difficult to identify and collect the necessary information and the third party will not can recover object electronic information.

The recipient receives and decrypts information blocks 31 sent from transfer stations (89), and then searches for information blocks or parts of information elements with an identification area to collect all the information blocks 31 needed to restore object electronic information (810).

Next, the recipient retrieves the information about the separation, which is used in the formation of information elements 13, and information on the extraction, which is used in the formation of information blocks 15, based on the data separation and extraction of the parts with identification area (811).

The recipient then re-separates the information blocks 31 based on the separation information and the extraction information to highlight the original information elements 13 (812) and re-align the information elements 13 in the original order using integration software 32 (813).

Finally, the recipient combines all the information elements to form the electronic information file 33. In this case, the recipient compares the total length of the electronic information file 33, formed by combining, with the value of the total length of the source file included in the separation and extraction data (814). If these values coincide, then with a very high degree of probability we can assume that the original electronic information file 11 has been successfully restored. You can also use information that describes the characteristics of the original or position information in which a suitable bookmark is inserted to confirm with a high degree of accuracy the identity with the original.

Option 2.

In the second embodiment, a method is proposed for ensuring the protection of electronic information according to the present invention with a means of ensuring the authenticity of electronic information with a high degree of reliability.

FIG. 5 is a flowchart illustrating a method for ensuring the protection of electronic information in the second embodiment, with a means of ensuring the authenticity of a source of electronic information, and FIG. 6 is a block diagram of the corresponding system.

Further, with reference to FIG. 5 and 6, an embodiment of the present invention is described in which means are provided for confirming the authenticity of a source of electronic information.

It should be noted that since the security method on which this option is based is similar to that described above, in the following description, repetitions are omitted to the extent that the simplifications or omissions in the description of any part do not lead to a misunderstanding of the essence of the considered embodiment.

When preparing the electronic information file 11 to be sent, the source forms a copy 17 from the original (821) and stores a copy 17 (822). It should be noted that instead of copy 17 you can remember the original.

eleven.

The source then uses the separation and extraction software 16 to process the original 11 electronic information file based on the separation information and extraction information set by the operator or partially created by the computer to form the information block 15 in the same way as the first option described above (823). It should be noted that when memorizing the original 11, a copy 17 is selected as the processing object.

The information blocks 15 are individually sent to the transfer station 21 in a manner similar to the first embodiment (824).

The forwarding stations 21 forward the received information blocks 15 to the recipient (825).

The recipient checks the received information blocks 31, collecting all the information blocks 31 necessary for the recovery of object electronic information (826).

The recipient then uses the merge software to extract the information elements in the information blocks 31 based on the extraction information and the separation information found in the received division and extraction data, and then reassembles and combines the information elements to form the electronic information file 33 (827) .

Further, the recipient creates a copy 35 of the generated electronic information file 33 (828) and returns the copy back to the electronic information source via the transfer station 22 in a manner similar to the transmission method from the source (829). It is preferable to use multiple transfer stations as the transfer station 22, as well as in the case of transmission. In addition, in order to increase the degree of protection, it is preferable to send copy 35 back in encrypted form.

The source compares the received copy 35 of the recovered electronic information file with the copy 17 stored in it to confirm their identity (830). If these files do not coincide with each other, then, since copy 35 cannot be used as electronic information, a discrepancy notification is created at step (831). If the recipient did not receive a notification from the source with a warning, then he may consider that the recovery of the information file was normal (832).

It should be noted that if the two files mentioned do not coincide with each other, this indicates that some kind of failure occurred during the transfer, and if so, then the cause of the failure must be clarified, which must be eliminated in order to ensure the subsequent security transfer. If the cause is not eliminated, then it is preferable to change the means of communication.

If the source confirms in a similar way that the recovery of electronic information by the recipient is correct, then the exchange of electronic information with very high reliability is realized.

Option 3.

The third option is a method of ensuring the authenticity of electronic information, according to which the method of ensuring the protection of electronic information according to the present invention provides a means for confirming the authenticity of each information block in order to detect anomalies in separate communication channels in order to further facilitate countermeasures.

FIG. 7 is a block diagram illustrating this embodiment, and FIG. 8 - block scheme of the system in which this option is used. Further, with reference to FIG. 7 and 8, this embodiment is described in detail.

It should be noted that in this variant, as well as in the previous one, the description of the elements mentioned earlier is simplified or omitted in order to avoid repetitions.

As in the first embodiment, the source prepares the electronic information file 11 to be transmitted (841), and selects and then mixes the information elements based on the separation information and extraction information to form the information blocks 15 (842).

The source then creates a copy from information blocks 15 and stores it (843).

After that, the source sends the packets in which the information blocks 15 are placed to the transfer station 21 in the same way as the first variant (844). The forwarding stations 21 decrypt the packets to read the recipient's address and forward the information blocks 15 to the addressee (845).

The recipient creates a copy of the received information blocks 31 (846) and sends this copy back to the source via the transfer station 23 (847).

The source verifies a copy of the information blocks 31 sent back to it, and a copy of the original information blocks 15 stored with it with each other to confirm whether they match or not (848).

If they match, it means that information blocks 31 have not been changed in the process of transmission, and they can be used as they are to restore electronic information.

Otherwise, when the copies do not coincide with each other, this means that there is an anomaly in the communication channel that was used to transmit the information block. Anomaly detection is possible in the second variant described above, but since the anomaly in the second variant is found in a generalized form for all communication channels together, it is difficult to isolate the anomalous communication route. However, when using this (third) variant of the method, the anomalous route can be determined quite simply, as described above. Accordingly, it is also easy to take the necessary countermeasures, for example, to repair the damage.

A notification is sent to the recipient about the result of the check performed by the source (849).

If the verification result confirms that both copies coincide with each other, the recipient uses the merge software 32 to restore the electronic information file in accordance with a procedure similar to that used in the first version (850). The combined data 33 formed from the information blocks 31 form a file 34 having the same content as the blocks of the original electronic information file 11.

It should be noted that, as described in connection with the first option, the exchange of electronic information can be performed using a communication channel in which the transfer stations 21 or 23 described above are missing.

In addition, transfer stations may memorize information blocks transmitted from the transmitting side and then transmit these information blocks at the request of the recipient. The recipient collects all the information blocks, and then combines, restores and uses them.

Option 4.

According to the fourth variant, the method of ensuring the protection of electronic information according to the present invention is used to store the electronic information file in the external storage device of the computer system.

FIG. 9 is a block diagram of a computer system in which the method of ensuring the protection of electronic information of the present invention is used.

Further, this embodiment is described below with reference to FIG. 9.

It should be noted that since the operations and results of the operation of the components of this option have much in common with the options described above, the same components performing functions similar to those described in the previous versions are denoted by the same reference positions and their description is simplified to avoid repetitions.

The electronic information file 41 prepared by the computer system is divided into information elements, after which the software 42 for separating and extracting them is recompiled, so that the file is distributed over a plurality of information blocks 43 and then stored in the memory 50.

If the electronic information file 41 is to be retrieved from the storage device 50, the information blocks 61, which carry electronic information of interest to a third party, are gathered together, and then the programs of the merging software 62 are executed. Association software 62 extracts separation and extraction information from information blocks 61, extracts information elements in information blocks 61 based on this information, reassembles information elements, restores the original order, and combines them to create an electronic information file 63.

When using this method of ensuring the protection of electronic information according to the present invention, since the electronic information file stored in the storage device 50 is divided into a plurality of information blocks, it is difficult to collect all relevant information blocks so that the object electronic information can be recovered. In addition, since information elements in information blocks are scattered like information on paper after it has been processed by a cutting paper cutter, it will also be difficult to recover a separate piece of electronic information.

In this way, information leakage from outside access can be prevented.

It should be noted that if necessary, write electronic information in the storage device 50 can be encrypted.

In addition, the storage device 50 does not have to be a single storage device; in other words, electronic information can be stored in separate storage devices for each information block.

The method of ensuring the protection of electronic information according to the present invention can be applied when an authentication station for which protection is required stores, in particular, the authentication data of a person in an external storage device, such as a hard disk or magnetic tape storage device.

Option 5.

In the fifth embodiment, a method is proposed for securing electronic information of the present invention, in which means are provided for using a portion of electronic information to protect the authenticity of electronic information. FIG. 10 is a block diagram illustrating the authenticity provisioning tool used in the present embodiment. Since the method of ensuring the protection of electronic information on which this option is based is similar to the method described above, in the following description, the repeating parts are simplified or omitted to avoid repetition.

FIG. 10 shows a case where, as an example of the use of the present invention, an electronic information file is divided into seven information elements, which are combined into two information blocks.

The order of the selected information elements A, B, C, Ό, E, E, and C is changed, and they are grouped appropriately, forming two information blocks. In this example, some of the information elements are included as key elements in both information blocks. In addition, the XI and X2 identification areas are attached to the information blocks, in which information on the separation of information elements, information on the position and length of each information element in the electronic information file, information identifying the electronic file, etc., are recorded so that This information could be used for recovery.

In the example shown in FIG. 10, information elements A, B, C, E and P are distributed in the left information block, and information elements B,, E and C are distributed in the right information block, with information elements B and E being included as key elements in both information blocks . Since the order of information elements in each information block is changed and is not informationally significant, even if a third party reads this information block, it will be impossible to understand the actual content of the electronic information. Information blocks are stored in a storage device or sent to the recipient, depending on the destination.

The electronic information user divides the received information blocks into initial information elements (A, B, C ...) on the basis of the information recorded in the XI and X2 identification areas, and then re-arranges the information elements in the correct order to restore the original electronic information file.

After restoration, information elements B and E are detected and separately checked, which are included in the relation of partial coincidence in two information blocks and play the role of key elements. Thus, if any information block was subjected to a change during storage or transfer of information, then, since the content of partially coinciding information elements does not coincide with each other, the anomaly can be easily detected.

According to the method of detecting anomalies used in this variant, since the key element being the object of verification cannot be retrieved, even if the information block itself was viewed by someone, the intervention of a third party can be easily prevented. In addition, no additional information is required, and information processing to confirm protection is simple.

It should be noted that in reality, the anomaly detection method of the present embodiment can be used along with any other method to improve security.

Option 6.

The sixth option relates to a certification station or certification body that uses the method of ensuring the protection of electronic information according to the present invention for sharing and storing information in several places and accurately performing various checks on the content of business operations, etc. between interested parties.

FIG. 11 is a block diagram illustrating the functionality of a station or certification body where the present invention is applied. Since the security method on which this option is based is similar to that described above, only the part related to the certification body is described in detail in the following description, while the description of the repeating parts is omitted.

The first part I and the second part II convert the mutually agreed content of business transactions into electronic information and memorize this electronic information. However, since no trace remains on the electronic document, even if it was rewritten, its authenticity cannot be protected. Accordingly, in order to minimize the likelihood of a dispute in the future, it is necessary to use an OS certification body, which is a third party that both parties trust, to store the contents of a business transaction and to present and confirm the original if necessary.

However, if the original text is recorded in full, the OS certification body will need a very large amount of memory to store it. In addition, the information in the certification body of the OS itself may undergo a change, and if we try to fully protect the authenticity of electronic information, there will be considerable difficulties in managing and administering the certification body of the OS.

The configuration of this option is determined using the method of ensuring the protection of electronic information according to the present invention, and this option is an authentication system in which the duties of the certification body of the OS are small, and the authenticity of electronic information can be protected with a high degree of certainty.

Stakeholders I and II share the content of the general agreement into information blocks A, B, and C based on the method described above. The first interested party I remembers the first information block A, while the second interested party II remembers the second information block C. In addition, the third information block B is located in the OS certification body.

In the above authentication system, if any of the parties changes its record, the original cannot be restored. Accordingly, the actually recovered electronic information correctly conveys the content of the original. Consequently, the OS certification authority can protect the authenticity of recovered electronic information simply by recording a very small part of the original. Since the memory capacity, which the certification body of the OS should have, is reduced and there is no need to memorize the full text with the content of the agreement, the responsibility of the certification body of the OS for storage is also reduced.

Industrial Applicability of the Invention

As described above, since, according to the method of ensuring the protection of electronic information according to the present invention, the electronic information file is divided into information elements, these elements are reassembled and placed separately into information blocks, and then these information blocks enter communication channels or are stored in a storage device, even if a third party steals a transmitted or memorized information block, then due to the fact that small information elements are scattered in the information the block and the content of electronic information cannot be read or detected; it is possible to prevent the leakage of secret data. In addition, if it is necessary to recover electronic information, the authenticity of this electronic information can be easily confirmed. It is also necessary to add that by sending the result obtained via the communication channel by the recipient or the restored electronic information file back to the source and its verification with a stored copy, authenticity can be protected with a very high degree of reliability.

Claims (9)

1. A method of protecting electronic information, characterized in that the electronic information file is divided into many information elements, the separated information elements are selected and combined in an altered order to form two or more information blocks so that if not all information blocks are combined, then not all information elements form the data of separation and extraction, in which information on the separation of information elements and information on the formation of information units, information blocks and data separation and extraction are selected so that at the same time all the information cannot be collected, at least one of the selected information blocks and data separation and extraction are transmitted to the certification station and stored there, while other blocks they are stored or transmitted separately, and if necessary, confirming the authenticity of electronic information, all information blocks and data of separation and extraction, including what was stored at the certification station, are also collected ionic blocks again separated into the original information elements perform their rebuild in the correct order and combined based on the data separation and extraction in order to restore the original electronic information file. 2. The method of protecting electronic information according to claim 1, characterized in that the separation and extraction data is stored or transmitted separately using means other than the means by which information blocks are stored or transmitted. 3. The method of protecting electronic information according to claim 1, characterized in that the separation and extraction data related to the information elements are applied to each of the information elements. 4. The method of protecting electronic information according to any one of paragraphs. 1 to 3, characterized in that the information blocks and data separation and extraction are stored in an external storage device and the external storage device is disconnected from the system for secure storage of electronic information in it. 5. A method of protecting electronic information according to any one of paragraphs. 1 to 3, characterized in that a plurality of information blocks are formed and these blocks are transmitted to the receiver separately from each other along with the data of separation and extraction. 6. The method of protecting electronic information according to claim 5, characterized in that the data separation and extraction include data to confirm the authenticity of the electronic information file. 7. A method of protecting electronic information according to any one of paragraphs. 1 to 6, characterized in that the plurality of information blocks include one or more index information elements selected among said information elements, and when combining the information elements, the identity of the index information elements included in the overlapping ratio of the various information blocks is verified to confirm information security . 8. A method of protecting electronic information according to any one of paragraphs. 5 to 7, characterized in that at least one of the information blocks and the separation and extraction data are transmitted to the recipient using a second transmission medium other than the transmission medium for other electronic information. 9. The method of protecting electronic information according to claim 8, characterized in that a forwarding station is introduced into the transmission medium or second transmission medium and the information block sent by the transmission medium is placed in the information packet together with the recipient information and sent to the forwarding station, which, in turn, sends the information block to the recipient based on information about the addressee.